AAAREADME.DOC                                                    11/22/94

NUSER, a hierarchical account management system for VMS

NUSER by Brian Lomasky
Teradyne, Inc., 321 Harrison Avenue, M/S H22, Boston, MA 02118
Email: LOMASKY@BRIT.DNET.TERADYNE.COM
(617) 422-2259

----------
Disclaimer
----------

NUSER is released to the public domain in an "AS-IS" condition. Neither Brian Lomasky nor Teradyne, Inc. implicitly or explicitly implies this program is usable in any way.

----------
Overview
----------

As computer sites get larger, the number of individuals who need access to the OpenVMS computer system keeps growing until it reaches (or surpasses) the system manager's ability to respond to the frequent requests to create new user accounts, change existing user accounts, and delete obsolete user accounts.

Clearly, some form of Hierarchical Account Management needs to be instituted. This involves granting specific individuals the authority to control the accounts for all users within their specified domain. This frees the system manager from having to perform most of the routine account maintenance, allowing that person to perform their other system management duties.

This utility program (NUSER) is being used by designated users within our company to add, change, and delete accounts within their domain. The system manager is only needed to create non-standard accounts (i.e. privileged users or users who do not fall into one of the specified domains), since the NUSER utility will only allow normal non-privileged accounts to be created.

As an extra benefit, the NUSER utility can process multiple SYSUAF and RIGHTSLIST files within a cluster as a single entity. This allows you to configure the separate cluster nodes each with their own system disk, while NUSER causes the usernames (if so desired), UICs, and identifier values to automatically match each other, cluster-wide, as if you were using a common cluster-wide SYSUAF and RIGHTSLIST file.

The NUSER program allows designated users to add or delete SYSUAF accounts, to change accounts between Restricted and non-Restricted, to Grant or Deny or Change database access to existing accounts, to change division-specific access for other accounts, to grant or deny specific other identifiers, to change a password back to the username, to change the password for a privileged user on all cluster nodes, and to change a user's account name on all cluster nodes.

This program will check all of the cluster-wide SYSUAF files when searching for possible username matches; if the username exactly matches another node's SYSUAF entry, the other node's SYSUAF information will be used, as appropriate, to store the username on the local node (after confirmation). If the username matches an account on more than one node, only the data from the first matching node will be used; the nodes are examined in the order that they appear in the TOOLS:SYSUAF_SPECS.DAT file.

----------
Design Concepts:
----------

NUSER was created to allow designated users to control system access for the users in their domain (referred to as a division in this document, as well as when running NUSER). Each division is represented by a unique 3-letter designation.